diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md index 2306dd2281e61..9d25aff559c72 100644 --- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md +++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md @@ -131,7 +131,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`. - `REACTIONS`: All available reactions. Allow users react with different emoji's. - `DEFAULT_SHOW_FULL_NAME`: **false**: Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used. - `SEARCH_REPO_DESCRIPTION`: **true**: Whether to search within description at repository search on explore page. -- `USE_SERVICE_WORKER`: **true**: Whether to enable a Service Worker to cache frontend assets. +- `USE_SERVICE_WORKER`: **true**: Whether to enable a Service Worker to cache frontend assets and enable push notifications on supported browsers. ### UI - Admin (`ui.admin`) @@ -289,6 +289,8 @@ set name for unique queues. Individual queues will default to - `INSTALL_LOCK`: **false**: Disallow access to the install page. - `SECRET_KEY`: **\**: Global secret key. This should be changed. +- `WEB_PUSH_PUBLIC_KEY`: **\**: VAPID key pair used for Web Push notifications +- `WEB_PUSH_PRIVATE_KEY`: **\**: VAPID key pair used for Web Push notifications - `LOGIN_REMEMBER_DAYS`: **7**: Cookie lifetime, in days. - `COOKIE_USERNAME`: **gitea\_awesome**: Name of the cookie used to store the current username. - `COOKIE_REMEMBER_NAME`: **gitea\_incredible**: Name of cookie used to store authentication diff --git a/go.mod b/go.mod index 0930b0d168a9b..436082180ed55 100644 --- a/go.mod +++ b/go.mod @@ -20,6 +20,7 @@ require ( github.com/BurntSushi/toml v0.3.1 github.com/PuerkitoBio/goquery v1.5.0 github.com/RoaringBitmap/roaring v0.4.21 // indirect + github.com/SherClockHolmes/webpush-go v1.1.0 github.com/bgentry/speakeasy v0.1.0 // indirect github.com/blevesearch/bleve v0.8.1 github.com/blevesearch/blevex v0.0.0-20180227211930-4b158bb555a3 // indirect diff --git a/go.sum b/go.sum index 5944cbb5e7725..81154824580d4 100644 --- a/go.sum +++ b/go.sum @@ -56,6 +56,8 @@ github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/RoaringBitmap/roaring v0.4.21 h1:WJ/zIlNX4wQZ9x8Ey33O1UaD9TCTakYsdLFSBcTwH+8= github.com/RoaringBitmap/roaring v0.4.21/go.mod h1:D0gp8kJQgE1A4LQ5wFLggQEyvDi06Mq5mKs52e1TwOo= +github.com/SherClockHolmes/webpush-go v1.1.0 h1:WjWbwo0Bf1Cbd8Yr0myrpYYlcN7VvQz/TVmUTjxL35g= +github.com/SherClockHolmes/webpush-go v1.1.0/go.mod h1:Jbd13H6kOFZubRMAaEHQS+e0EpP/aSHtLKeo9gsyO5k= github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= github.com/Unknwon/com v0.0.0-20190321035513-0fed4efef755/go.mod h1:voKvFVpXBJxdIPeqjoJuLK+UVcRlo/JLjeToGxPYu68= @@ -637,6 +639,7 @@ go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= golang.org/x/crypto v0.0.0-20180820150726-614d502a4dac/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190131182504-b8fe1690c613/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= diff --git a/models/migrations/migrations.go b/models/migrations/migrations.go index cad7f05f15989..66cdb89e4e3ea 100644 --- a/models/migrations/migrations.go +++ b/models/migrations/migrations.go @@ -202,8 +202,10 @@ var migrations = []Migration{ NewMigration("Add EmailHash Table", addEmailHashTable), // v134 -> v135 NewMigration("Refix merge base for merged pull requests", refixMergeBase), - // v135 -> 136 + // v135 -> v136 NewMigration("Add OrgID column to Labels table", addOrgIDLabelColumn), + // v136 -> v137 + NewMigration("Add WebPushSubscription table", addWebPushSubcriptionTable), } // GetCurrentDBVersion returns the current db version diff --git a/models/migrations/v136.go b/models/migrations/v136.go new file mode 100644 index 0000000000000..30d5ef159c160 --- /dev/null +++ b/models/migrations/v136.go @@ -0,0 +1,24 @@ +// Copyright 2020 The Gitea Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package migrations + +import ( + "code.gitea.io/gitea/modules/timeutil" + "xorm.io/xorm" +) + +func addWebPushSubcriptionTable(x *xorm.Engine) error { + type WebPushSubscription struct { + ID int64 `xorm:"pk autoincr"` + UserID int64 `xorm:"INDEX"` + + Endpoint string `xorm:"UNIQUE"` + Auth string + P256DH string + + CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"` + } + return x.Sync2(new(WebPushSubscription)) +} diff --git a/models/models.go b/models/models.go index c818c651007b4..097e162dd4566 100644 --- a/models/models.go +++ b/models/models.go @@ -125,6 +125,7 @@ func init() { new(Task), new(LanguageStat), new(EmailHash), + new(WebPushSubscription), ) gonicNames := []string{"SSL", "UID"} diff --git a/models/notification.go b/models/notification.go index 8d74ac129f01e..632735054d4bf 100644 --- a/models/notification.go +++ b/models/notification.go @@ -7,9 +7,11 @@ package models import ( "fmt" "path" + "strconv" "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/structs" api "code.gitea.io/gitea/modules/structs" "code.gitea.io/gitea/modules/timeutil" @@ -116,6 +118,97 @@ func GetNotifications(opts FindNotificationOptions) (NotificationList, error) { return getNotifications(x, opts) } +// GetEligibleNotificationParticipants returns a list of users, as well as the issue, who are eligible to +// receive a new or updated notification. +// receiverID > 0 just targets the one user. +func GetEligibleNotificationParticipants(issue *Issue, notificationAuthorID, receiverID int64) (map[int64]struct{}, error) { + sess := x.NewSession() + defer sess.Close() + if err := sess.Begin(); err != nil { + return nil, err + } + + result, err := getEligibleNotificationParticipants(sess, issue, notificationAuthorID, receiverID) + if err != nil { + return nil, err + } + + err = sess.Commit() + if err != nil { + return nil, err + } + + return result, err +} + +func getEligibleNotificationParticipants(e Engine, issue *Issue, notificationAuthorID, receiverID int64) (map[int64]struct{}, error) { + var toNotify map[int64]struct{} + + if receiverID > 0 { + toNotify = make(map[int64]struct{}, 1) + toNotify[receiverID] = struct{}{} + return toNotify, nil + + } + + toNotify = make(map[int64]struct{}, 32) + issueWatches, err := getIssueWatchersIDs(e, issue.ID, true) + if err != nil { + return nil, err + } + for _, id := range issueWatches { + toNotify[id] = struct{}{} + } + + repoWatches, err := getRepoWatchersIDs(e, issue.RepoID) + if err != nil { + return nil, err + } + for _, id := range repoWatches { + toNotify[id] = struct{}{} + } + issueParticipants, err := issue.getParticipantIDsByIssue(e) + if err != nil { + return nil, err + } + for _, id := range issueParticipants { + toNotify[id] = struct{}{} + } + + // dont notify user who cause notification + delete(toNotify, notificationAuthorID) + // filter out explicit unwatch on issue + issueUnWatches, err := getIssueWatchersIDs(e, issue.ID, false) + if err != nil { + return nil, err + } + for _, id := range issueUnWatches { + delete(toNotify, id) + } + + err = issue.loadRepo(e) + if err != nil { + return nil, err + } + units := issue.Repo.Units + issue.Repo.Units = nil // <- Not sure why this was here before refactoring, but we put it back later + defer func() { + issue.Repo.Units = units + }() + + // Filter out those who can't view the linked issue/PR, but were previously involved + for userID := range toNotify { + if issue.IsPull && !issue.Repo.checkUnitUser(e, userID, false, UnitTypePullRequests) { + delete(toNotify, userID) + } + if !issue.IsPull && !issue.Repo.checkUnitUser(e, userID, false, UnitTypeIssues) { + delete(toNotify, userID) + } + } + + return toNotify, nil +} + // CreateOrUpdateIssueNotifications creates an issue notification // for each watcher, or updates it if already exists // receiverID > 0 just send to reciver, else send to all watcher @@ -135,9 +228,7 @@ func CreateOrUpdateIssueNotifications(issueID, commentID, notificationAuthorID, func createOrUpdateIssueNotifications(e Engine, issueID, commentID, notificationAuthorID, receiverID int64) error { // init - var toNotify map[int64]struct{} notifications, err := getNotificationsByIssueID(e, issueID) - if err != nil { return err } @@ -147,63 +238,24 @@ func createOrUpdateIssueNotifications(e Engine, issueID, commentID, notification return err } - if receiverID > 0 { - toNotify = make(map[int64]struct{}, 1) - toNotify[receiverID] = struct{}{} - } else { - toNotify = make(map[int64]struct{}, 32) - issueWatches, err := getIssueWatchersIDs(e, issueID, true) - if err != nil { - return err - } - for _, id := range issueWatches { - toNotify[id] = struct{}{} - } - - repoWatches, err := getRepoWatchersIDs(e, issue.RepoID) - if err != nil { - return err - } - for _, id := range repoWatches { - toNotify[id] = struct{}{} - } - issueParticipants, err := issue.getParticipantIDsByIssue(e) - if err != nil { - return err - } - for _, id := range issueParticipants { - toNotify[id] = struct{}{} - } - - // dont notify user who cause notification - delete(toNotify, notificationAuthorID) - // explicit unwatch on issue - issueUnWatches, err := getIssueWatchersIDs(e, issueID, false) - if err != nil { - return err - } - for _, id := range issueUnWatches { - delete(toNotify, id) - } - } - - err = issue.loadRepo(e) + toNotify, err := getEligibleNotificationParticipants(e, issue, notificationAuthorID, receiverID) if err != nil { return err } + if len(toNotify) == 0 { + return nil + } // notify for userID := range toNotify { - issue.Repo.Units = nil - if issue.IsPull && !issue.Repo.checkUnitUser(e, userID, false, UnitTypePullRequests) { - continue - } - if !issue.IsPull && !issue.Repo.checkUnitUser(e, userID, false, UnitTypeIssues) { - continue + + err := notificationSendWebPushNotification(userID, issue, commentID) + if err != nil { + log.Error("problem sending webhook notification: %v", err) } - if notificationExists(notifications, issue.ID, userID) { - if err = updateIssueNotification(e, userID, issue.ID, commentID, notificationAuthorID); err != nil { + if notificationExists(notifications, issueID, userID) { + if err = updateIssueNotification(e, userID, issueID, commentID, notificationAuthorID); err != nil { return err } continue @@ -779,3 +831,23 @@ func UpdateNotificationStatuses(user *User, currentStatus NotificationStatus, de Update(n) return err } + +func notificationSendWebPushNotification(userID int64, issue *Issue, commentID int64) error { + issueType := "issue" + if issue.IsPull { + issueType = "pull request" + } + + anchorURL := "" + if commentID != 0 { + anchorURL = "#issuecomment-" + strconv.FormatInt(commentID, 10) + } + + notificationPayload := &structs.NotificationPayload{ + Title: setting.AppName + " - " + issue.Repo.MustOwner().Name + "/" + issue.Repo.Name, + Text: "New activity on " + issueType + " #" + strconv.FormatInt(issue.Index, 10) + " " + issue.Title + ".\nClick to open.", + URL: issue.HTMLURL() + anchorURL, + } + err := SendWebPushNotificationToUser(userID, notificationPayload) + return err +} diff --git a/models/webpush.go b/models/webpush.go new file mode 100644 index 0000000000000..4e36e40d5fcbc --- /dev/null +++ b/models/webpush.go @@ -0,0 +1,130 @@ +// Copyright 2020 The Gitea Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package models + +import ( + "encoding/json" + "net/http" + + "code.gitea.io/gitea/modules/log" + "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/structs" + "code.gitea.io/gitea/modules/timeutil" + + "github.com/SherClockHolmes/webpush-go" +) + +// WebPushSubscription represents a HTML5 Web Push Subscription used for background notifications. +type WebPushSubscription struct { + ID int64 `xorm:"pk autoincr"` + UserID int64 `xorm:"INDEX"` + + Endpoint string `xorm:"UNIQUE"` + Auth string + P256DH string + + CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"` +} + +// CreateWebPushSubscription creates a row on the push subscriptions table. +func CreateWebPushSubscription(userID int64, subscription *structs.NotificationWebPushSubscription) error { + return createWebPushSubscription(x, userID, subscription) +} + +func createWebPushSubscription(e Engine, userID int64, subscription *structs.NotificationWebPushSubscription) error { + webPushSubscription := &WebPushSubscription{ + UserID: userID, + Endpoint: subscription.Endpoint, + Auth: subscription.Auth, + P256DH: subscription.P256DH, + } + + _, err := e.Insert(webPushSubscription) + return err +} + +// GetWebPushSubscriptionsByUserID gets all the Web Push subscriptions for a given user +func GetWebPushSubscriptionsByUserID(userID int64) ([]*WebPushSubscription, error) { + return getWebPushSubscriptionsByUserID(x, userID) +} + +func getWebPushSubscriptionsByUserID(e Engine, userID int64) ([]*WebPushSubscription, error) { + subscriptions := make([]*WebPushSubscription, 0) + err := e.Where("user_id = ?", userID).Find(&subscriptions) + return subscriptions, err +} + +// DeleteWebPushSubscription deletes a given Web Push subscription by ID +func DeleteWebPushSubscription(subscriptionID int64) error { + return deleteWebPushSubscription(x, subscriptionID) +} + +func deleteWebPushSubscription(e Engine, subscriptionID int64) error { + _, err := e.Delete(&WebPushSubscription{ID: subscriptionID}) + return err +} + +// SendWebPushNotificationToUser sends a background Web Push notification to any of the user's +// enrolled browsers. +// It will also remove any failed (expired) subscriptions. +func SendWebPushNotificationToUser(userID int64, payload *structs.NotificationPayload) error { + userSubscriptions, err := GetWebPushSubscriptionsByUserID(userID) + if err != nil { + return err + } + + for _, userSubscription := range userSubscriptions { + subscription := &structs.NotificationWebPushSubscription{ + Endpoint: userSubscription.Endpoint, + Auth: userSubscription.Auth, + P256DH: userSubscription.P256DH, + } + resp, err := SendWebPushNotification(subscription, payload) + if err != nil { + return err + } + defer resp.Body.Close() + + if resp.StatusCode >= 400 && resp.StatusCode <= 499 { + // This is a bad subscription. It may have expired (410 Gone). + err = DeleteWebPushSubscription(userSubscription.ID) + if err != nil { + log.Error("could not delete Web Push subscription: %v", err) + return err + } + } + } + return nil +} + +// SendWebPushNotification sends a background Web Push notification to any of the user's +// enrolled browsers. +// The HTTP status code indicates success. err is for internal problems. +func SendWebPushNotification(subscription *structs.NotificationWebPushSubscription, payload *structs.NotificationPayload) (*http.Response, error) { + webPushSubscription := &webpush.Subscription{ + Endpoint: subscription.Endpoint, + Keys: webpush.Keys{ + Auth: subscription.Auth, + P256dh: subscription.P256DH, + }, + } + + pushPayload, err := json.Marshal(payload) + if err != nil { + return nil, err + } + + resp, err := webpush.SendNotification(pushPayload, webPushSubscription, &webpush.Options{ + VAPIDPublicKey: setting.WebPushPublicKey, + VAPIDPrivateKey: setting.WebPushPrivateKey, + TTL: 30, + }) + if err != nil { + return resp, err + } + + defer resp.Body.Close() + return resp, nil +} diff --git a/modules/setting/setting.go b/modules/setting/setting.go index 74f6da38d1564..0d3863febaaa3 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -26,6 +26,7 @@ import ( "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/user" + webpush "github.com/SherClockHolmes/webpush-go" shellquote "github.com/kballard/go-shellquote" version "github.com/mcuadros/go-version" "github.com/unknwon/cae/zip" @@ -147,6 +148,8 @@ var ( // Security settings InstallLock bool SecretKey string + WebPushPublicKey string + WebPushPrivateKey string LogInRememberDays int CookieUserName string CookieRememberName string @@ -816,6 +819,36 @@ func NewContext() { PasswordHashAlgo = sec.Key("PASSWORD_HASH_ALGO").MustString("pbkdf2") CSRFCookieHTTPOnly = sec.Key("CSRF_COOKIE_HTTP_ONLY").MustBool(true) + WebPushPublicKey = sec.Key("WEB_PUSH_PUBLIC_KEY").String() + WebPushPrivateKey = sec.Key("WEB_PUSH_PRIVATE_KEY").String() + if WebPushPrivateKey == "" || WebPushPublicKey == "" { + log.Info("No VAPID (Web Push) keypair detected. Generating and saving to app.ini") + WebPushPrivateKey, WebPushPublicKey, err = webpush.GenerateVAPIDKeys() + if err != nil { + log.Fatal("error generating VAPID keypair: %v", err) + return + } + + cfg := ini.Empty() + if com.IsFile(CustomConf) { + if err := cfg.Append(CustomConf); err != nil { + log.Error("failed to load custom conf %s: %v", CustomConf, err) + return + } + } + cfg.Section("security").Key("WEB_PUSH_PUBLIC_KEY").SetValue(WebPushPublicKey) + cfg.Section("security").Key("WEB_PUSH_PRIVATE_KEY").SetValue(WebPushPrivateKey) + + if err := os.MkdirAll(filepath.Dir(CustomConf), os.ModePerm); err != nil { + log.Fatal("failed to create '%s': %v", CustomConf, err) + return + } + if err := cfg.SaveTo(CustomConf); err != nil { + log.Fatal("error saving generated VAPID keypair to custom config: %v", err) + return + } + } + InternalToken = loadInternalToken(sec) cfgdata := sec.Key("PASSWORD_COMPLEXITY").Strings(",") diff --git a/modules/structs/notifications.go b/modules/structs/notifications.go index b6c9774a97ad8..dc5923e7ec593 100644 --- a/modules/structs/notifications.go +++ b/modules/structs/notifications.go @@ -31,3 +31,18 @@ type NotificationSubject struct { type NotificationCount struct { New int64 `json:"new"` } + +// NotificationWebPushSubscription represents a HTML5 Web Push Subscription used for background notifications. +type NotificationWebPushSubscription struct { + Endpoint string `json:"endpoint"` + Auth string `json:"auth"` + P256DH string `json:"p256dh"` +} + +// NotificationPayload marks a JSON payload sent in a push event to the JS service worker. +// This is used for background notifications. +type NotificationPayload struct { + Title string `json:"title"` + Text string `json:"text"` + URL string `json:"url"` +} diff --git a/modules/templates/helper.go b/modules/templates/helper.go index b5b49874276db..27a9ca1201434 100644 --- a/modules/templates/helper.go +++ b/modules/templates/helper.go @@ -70,6 +70,9 @@ func NewFuncMap() []template.FuncMap { "AppDomain": func() string { return setting.Domain }, + "WebPushPublicKey": func() string { + return setting.WebPushPublicKey + }, "DisableGravatar": func() bool { return setting.DisableGravatar }, diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go index bce3bf2452832..8a4a31210a68b 100644 --- a/routers/api/v1/api.go +++ b/routers/api/v1/api.go @@ -523,6 +523,8 @@ func RegisterRoutes(m *macaron.Macaron) { Get(notify.GetThread). Patch(notify.ReadThread) }, reqToken()) + // Can also make use of session-based authentication, hence reqToken isn't used as above: + m.Post("/notifications/subscription", bind(api.NotificationWebPushSubscription{}), notify.NewWebPushSubscription) // Users m.Group("/users", func() { diff --git a/routers/api/v1/notify/notifications.go b/routers/api/v1/notify/notifications.go index 71dd7d949267f..0849b616ed4b2 100644 --- a/routers/api/v1/notify/notifications.go +++ b/routers/api/v1/notify/notifications.go @@ -6,9 +6,12 @@ package notify import ( "net/http" + "strings" "code.gitea.io/gitea/models" "code.gitea.io/gitea/modules/context" + "code.gitea.io/gitea/modules/log" + "code.gitea.io/gitea/modules/setting" api "code.gitea.io/gitea/modules/structs" ) @@ -22,3 +25,65 @@ func NewAvailable(ctx *context.APIContext) { // "$ref": "#/responses/NotificationCount" ctx.JSON(http.StatusOK, api.NotificationCount{New: models.CountUnread(ctx.User)}) } + +// NewWebPushSubscription check if unread notifications exist +func NewWebPushSubscription(ctx *context.APIContext, input api.NotificationWebPushSubscription) { + // swagger:operation POST /notifications/subscription notification notifyNewWebPushSubscription + // --- + // summary: Create a Web Push subscription for the current user to receieve push notifications. + // This will also produce a test notification to ensure the given details are valid. + // consumes: + // - application/json + // parameters: + // - name: body + // in: body + // schema: + // "$ref": "#/definitions/NotificationWebPushSubscription" + // responses: + // "201": + // description: The Web Push subscription was tested and saved successfully. + // "422": + // description: Required fields were missing or the provided subscription could not be tested successfully. + + if !ctx.IsSigned { + ctx.Context.Error(http.StatusUnauthorized) + return + } + + if input.Endpoint == "" || input.Auth == "" || input.P256DH == "" { + ctx.Status(http.StatusUnprocessableEntity) + return + } + + testPayload := &api.NotificationPayload{ + Title: setting.AppName, + Text: "This is a test notification from Gitea. If you're reading this notifications are working. Hooray!", + URL: setting.AppURL, + } + resp, err := models.SendWebPushNotification(&input, testPayload) + if err != nil { + // An invalid key causes a mathematical error. This is the user's fault. + if strings.Contains(err.Error(), "key is not a valid point on the curve") { + ctx.Status(http.StatusUnprocessableEntity) + return + } + // Otherwise it could be a network problem. + ctx.Status(http.StatusInternalServerError) + return + } + + // Web Push returns 201 on success. + if resp.StatusCode != http.StatusCreated { + ctx.Status(http.StatusUnprocessableEntity) + return + } + + err = models.CreateWebPushSubscription(ctx.User.ID, &input) + if err != nil { + log.Error("could not create web push: %v", err) + ctx.Status(http.StatusInternalServerError) + return + } + + ctx.Status(http.StatusCreated) +} diff --git a/routers/api/v1/swagger/options.go b/routers/api/v1/swagger/options.go index 4bb649616a01a..8f66c3d739728 100644 --- a/routers/api/v1/swagger/options.go +++ b/routers/api/v1/swagger/options.go @@ -137,4 +137,7 @@ type swaggerParameterBodies struct { // in:body CreateOAuth2ApplicationOptions api.CreateOAuth2ApplicationOptions + + // in:body + NotificationWebPushSubscription api.NotificationWebPushSubscription } diff --git a/templates/base/head.tmpl b/templates/base/head.tmpl index e0765d59d30ed..ae7874369d4f9 100644 --- a/templates/base/head.tmpl +++ b/templates/base/head.tmpl @@ -12,6 +12,7 @@ navigator.serviceWorker.register('{{AppSubUrl}}/serviceworker.js').then(function(registration) { // Registration was successful console.info('ServiceWorker registration successful with scope: ', registration.scope); + window.serviceWorkerRegistration = registration; }, function(err) { // registration failed :( console.info('ServiceWorker registration failed: ', err); @@ -86,6 +87,8 @@ window.config = { AppSubUrl: '{{AppSubUrl}}', StaticUrlPrefix: '{{StaticUrlPrefix}}', + WebPushPublicKey: '{{WebPushPublicKey}}', + ServiceWorkerEnabled: {{if UseServiceWorker}}true{{else}}false{{end}}, csrf: '{{.CsrfToken}}', HighlightJS: {{if .RequireHighlightJS}}true{{else}}false{{end}}, Minicolors: {{if .RequireMinicolors}}true{{else}}false{{end}}, diff --git a/templates/pwa/serviceworker_js.tmpl b/templates/pwa/serviceworker_js.tmpl index 7117555dd237c..a951fbdd062ce 100644 --- a/templates/pwa/serviceworker_js.tmpl +++ b/templates/pwa/serviceworker_js.tmpl @@ -74,3 +74,25 @@ self.addEventListener('fetch', function (event) { ) ); }); + +self.addEventListener('push', function (event) { + var eventPayload = event.data.json(); + var options = { + body: eventPayload.text, + vibrate: [100, 50, 100], + data: { + url: eventPayload.url + } + }; + + event.waitUntil(self.registration.showNotification(eventPayload.title, options)); +}); + +self.addEventListener('notificationclick', function (event) { + var notification = event.notification; + var url = notification.data.url; + + clients.openWindow(url); + notification.close(); +}); + diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl index 8b10a759901d3..9ced87ff4a926 100644 --- a/templates/swagger/v1_json.tmpl +++ b/templates/swagger/v1_json.tmpl @@ -534,6 +534,35 @@ } } }, + "/notifications/subscription": { + "post": { + "consumes": [ + "application/json" + ], + "tags": [ + "notification" + ], + "summary": "Create a Web Push subscription for the current user to receieve push notifications. This will also produce a test notification to ensure the given details are valid.", + "operationId": "notifyNewWebPushSubscription", + "parameters": [ + { + "name": "body", + "in": "body", + "schema": { + "$ref": "#/definitions/NotificationWebPushSubscription" + } + } + ], + "responses": { + "201": { + "description": "The Web Push subscription was tested and saved successfully." + }, + "422": { + "description": "Required fields were missing or the provided subscription could not be tested successfully." + } + } + } + }, "/notifications/threads/{id}": { "get": { "consumes": [ @@ -12603,6 +12632,25 @@ }, "x-go-package": "code.gitea.io/gitea/modules/structs" }, + "NotificationWebPushSubscription": { + "type": "object", + "title": "NotificationWebPushSubscription represents a HTML5 Web Push Subscription used for background notifications.", + "properties": { + "auth": { + "type": "string", + "x-go-name": "Auth" + }, + "endpoint": { + "type": "string", + "x-go-name": "Endpoint" + }, + "p256dh": { + "type": "string", + "x-go-name": "P256DH" + } + }, + "x-go-package": "code.gitea.io/gitea/modules/structs" + }, "OAuth2Application": { "type": "object", "title": "OAuth2Application represents an OAuth2 application.", @@ -14427,7 +14475,7 @@ "parameterBodies": { "description": "parameterBodies", "schema": { - "$ref": "#/definitions/CreateOAuth2ApplicationOptions" + "$ref": "#/definitions/NotificationWebPushSubscription" } }, "redirect": { diff --git a/templates/user/notification/notification.tmpl b/templates/user/notification/notification.tmpl index c4f744a291738..27517bd608a46 100644 --- a/templates/user/notification/notification.tmpl +++ b/templates/user/notification/notification.tmpl @@ -2,7 +2,15 @@
-

{{.i18n.Tr "notification.notifications"}}

+
+
+

{{.i18n.Tr "notification.notifications"}}

+
+
+
+
+
+
diff --git a/vendor/github.com/SherClockHolmes/webpush-go/.gitignore b/vendor/github.com/SherClockHolmes/webpush-go/.gitignore new file mode 100644 index 0000000000000..13b7c32ac2591 --- /dev/null +++ b/vendor/github.com/SherClockHolmes/webpush-go/.gitignore @@ -0,0 +1,4 @@ +vendor/** + +.DS_Store +*.out diff --git a/vendor/github.com/SherClockHolmes/webpush-go/LICENSE b/vendor/github.com/SherClockHolmes/webpush-go/LICENSE new file mode 100644 index 0000000000000..161eac777d374 --- /dev/null +++ b/vendor/github.com/SherClockHolmes/webpush-go/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2016 Ethan Holmes + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/vendor/github.com/SherClockHolmes/webpush-go/README.md b/vendor/github.com/SherClockHolmes/webpush-go/README.md new file mode 100644 index 0000000000000..202f8b0aa1c32 --- /dev/null +++ b/vendor/github.com/SherClockHolmes/webpush-go/README.md @@ -0,0 +1,62 @@ +# webpush-go + +[![Go Report Card](https://goreportcard.com/badge/github.com/SherClockHolmes/webpush-go)](https://goreportcard.com/report/github.com/SherClockHolmes/webpush-go) +[![GoDoc](https://godoc.org/github.com/SherClockHolmes/webpush-go?status.svg)](https://godoc.org/github.com/SherClockHolmes/webpush-go) + +Web Push API Encryption with VAPID support. + +```bash +go get -u github.com/SherClockHolmes/webpush-go +``` + +## Example + +For a full example, refer to the code in the [example](example/) directory. + +```go +package main + +import ( + "encoding/json" + + webpush "github.com/SherClockHolmes/webpush-go" +) + +func main() { + // Decode subscription + s := &webpush.Subscription{} + json.Unmarshal([]byte(""), s) + + // Send Notification + _, err := webpush.SendNotification([]byte("Test"), s, &webpush.Options{ + Subscriber: "example@example.com", + VAPIDPublicKey: "", + VAPIDPrivateKey: "", + TTL: 30, + }) + if err != nil { + // TODO: Handle error + } +} +``` + +### Generating VAPID Keys + +Use the helper method `GenerateVAPIDKeys` to generate the VAPID key pair. + +```golang +privateKey, publicKey, err := webpush.GenerateVAPIDKeys() +if err != nil { + // TODO: Handle error +} +``` + +## Development + +1. Install [Go 1.11+](https://golang.org/) +2. `go mod vendor` +3. `go test` + +#### For other language implementations visit: + +[WebPush Libs](https://github.com/web-push-libs) diff --git a/vendor/github.com/SherClockHolmes/webpush-go/go.mod b/vendor/github.com/SherClockHolmes/webpush-go/go.mod new file mode 100644 index 0000000000000..1f2a28f17661c --- /dev/null +++ b/vendor/github.com/SherClockHolmes/webpush-go/go.mod @@ -0,0 +1,8 @@ +module github.com/SherClockHolmes/webpush-go + +require ( + github.com/dgrijalva/jwt-go v3.2.0+incompatible + golang.org/x/crypto v0.0.0-20190131182504-b8fe1690c613 +) + +go 1.13 diff --git a/vendor/github.com/SherClockHolmes/webpush-go/go.sum b/vendor/github.com/SherClockHolmes/webpush-go/go.sum new file mode 100644 index 0000000000000..c784ca6eb147b --- /dev/null +++ b/vendor/github.com/SherClockHolmes/webpush-go/go.sum @@ -0,0 +1,4 @@ +github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= +github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +golang.org/x/crypto v0.0.0-20190131182504-b8fe1690c613 h1:MQ/ZZiDsUapFFiMS+vzwXkCTeEKaum+Do5rINYJDmxc= +golang.org/x/crypto v0.0.0-20190131182504-b8fe1690c613/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= diff --git a/vendor/github.com/SherClockHolmes/webpush-go/urgency.go b/vendor/github.com/SherClockHolmes/webpush-go/urgency.go new file mode 100644 index 0000000000000..97c4a32b42c54 --- /dev/null +++ b/vendor/github.com/SherClockHolmes/webpush-go/urgency.go @@ -0,0 +1,26 @@ +package webpush + +// Urgency indicates to the push service how important a message is to the user. +// This can be used by the push service to help conserve the battery life of a user's device +// by only waking up for important messages when battery is low. +type Urgency string + +const ( + // UrgencyVeryLow requires device state: on power and Wi-Fi + UrgencyVeryLow Urgency = "very-low" + // UrgencyLow requires device state: on either power or Wi-Fi + UrgencyLow Urgency = "low" + // UrgencyNormal excludes device state: low battery + UrgencyNormal Urgency = "normal" + // UrgencyHigh admits device state: low battery + UrgencyHigh Urgency = "high" +) + +// Checking allowable values for the urgency header +func isValidUrgency(urgency Urgency) bool { + switch urgency { + case UrgencyVeryLow, UrgencyLow, UrgencyNormal, UrgencyHigh: + return true + } + return false +} diff --git a/vendor/github.com/SherClockHolmes/webpush-go/vapid.go b/vendor/github.com/SherClockHolmes/webpush-go/vapid.go new file mode 100644 index 0000000000000..20dffaa64afc3 --- /dev/null +++ b/vendor/github.com/SherClockHolmes/webpush-go/vapid.go @@ -0,0 +1,99 @@ +package webpush + +import ( + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "encoding/base64" + "fmt" + "math/big" + "net/url" + "time" + + jwt "github.com/dgrijalva/jwt-go" +) + +// GenerateVAPIDKeys will create a private and public VAPID key pair +func GenerateVAPIDKeys() (privateKey, publicKey string, err error) { + // Get the private key from the P256 curve + curve := elliptic.P256() + + private, x, y, err := elliptic.GenerateKey(curve, rand.Reader) + if err != nil { + return + } + + public := elliptic.Marshal(curve, x, y) + + // Convert to base64 + publicKey = base64.RawURLEncoding.EncodeToString(public) + privateKey = base64.RawURLEncoding.EncodeToString(private) + + return +} + +// Generates the ECDSA public and private keys for the JWT encryption +func generateVAPIDHeaderKeys(privateKey []byte) *ecdsa.PrivateKey { + // Public key + curve := elliptic.P256() + px, py := curve.ScalarMult( + curve.Params().Gx, + curve.Params().Gy, + privateKey, + ) + + pubKey := ecdsa.PublicKey{ + Curve: curve, + X: px, + Y: py, + } + + // Private key + d := &big.Int{} + d.SetBytes(privateKey) + + return &ecdsa.PrivateKey{ + PublicKey: pubKey, + D: d, + } +} + +// getVAPIDAuthorizationHeader +func getVAPIDAuthorizationHeader( + endpoint, + subscriber, + vapidPublicKey, + vapidPrivateKey string, +) (string, error) { + // Create the JWT token + subURL, err := url.Parse(endpoint) + if err != nil { + return "", err + } + + token := jwt.NewWithClaims(jwt.SigningMethodES256, jwt.MapClaims{ + "aud": fmt.Sprintf("%s://%s", subURL.Scheme, subURL.Host), + "exp": time.Now().Add(time.Hour * 12).Unix(), + "sub": fmt.Sprintf("mailto:%s", subscriber), + }) + + // ECDSA + decodedVapidPrivateKey, err := base64.RawURLEncoding.DecodeString(vapidPrivateKey) + if err != nil { + return "", err + } + + privKey := generateVAPIDHeaderKeys(decodedVapidPrivateKey) + + // Sign token with private key + jwtString, err := token.SignedString(privKey) + if err != nil { + return "", err + } + + return fmt.Sprintf( + "vapid t=%s, k=%s", + jwtString, + vapidPublicKey, + ), nil +} diff --git a/vendor/github.com/SherClockHolmes/webpush-go/webpush.go b/vendor/github.com/SherClockHolmes/webpush-go/webpush.go new file mode 100644 index 0000000000000..6b41aa0effd2e --- /dev/null +++ b/vendor/github.com/SherClockHolmes/webpush-go/webpush.go @@ -0,0 +1,252 @@ +package webpush + +import ( + "bytes" + "crypto/aes" + "crypto/cipher" + "crypto/elliptic" + "crypto/rand" + "crypto/sha256" + "encoding/base64" + "encoding/binary" + "errors" + "io" + "net/http" + "strconv" + "strings" + + "golang.org/x/crypto/hkdf" +) + +const MaxRecordSize uint32 = 4096 + +// saltFunc generates a salt of 16 bytes +var saltFunc = func() ([]byte, error) { + salt := make([]byte, 16) + _, err := io.ReadFull(rand.Reader, salt) + if err != nil { + return salt, err + } + + return salt, nil +} + +// HTTPClient is an interface for sending the notification HTTP request / testing +type HTTPClient interface { + Do(*http.Request) (*http.Response, error) +} + +// Options are config and extra params needed to send a notification +type Options struct { + HTTPClient HTTPClient // Will replace with *http.Client by default if not included + RecordSize uint32 // Limit the record size + Subscriber string // Sub in VAPID JWT token + Topic string // Set the Topic header to collapse a pending messages (Optional) + TTL int // Set the TTL on the endpoint POST request + Urgency Urgency // Set the Urgency header to change a message priority (Optional) + VAPIDPublicKey string // VAPID public key, passed in VAPID Authorization header + VAPIDPrivateKey string // VAPID private key, used to sign VAPID JWT token +} + +// Keys are the base64 encoded values from PushSubscription.getKey() +type Keys struct { + Auth string `json:"auth"` + P256dh string `json:"p256dh"` +} + +// Subscription represents a PushSubscription object from the Push API +type Subscription struct { + Endpoint string `json:"endpoint"` + Keys Keys `json:"keys"` +} + +// SendNotification sends a push notification to a subscription's endpoint +// Message Encryption for Web Push, and VAPID protocols. +// FOR MORE INFORMATION SEE RFC8291: https://datatracker.ietf.org/doc/rfc8291 +func SendNotification(message []byte, s *Subscription, options *Options) (*http.Response, error) { + // Authentication secret (auth_secret) + authSecret, err := decodeSubscriptionKey(s.Keys.Auth) + if err != nil { + return nil, err + } + + // dh (Diffie Hellman) + dh, err := decodeSubscriptionKey(s.Keys.P256dh) + if err != nil { + return nil, err + } + + // Generate 16 byte salt + salt, err := saltFunc() + if err != nil { + return nil, err + } + + // Create the ecdh_secret shared key pair + curve := elliptic.P256() + + // Application server key pairs (single use) + localPrivateKey, x, y, err := elliptic.GenerateKey(curve, rand.Reader) + if err != nil { + return nil, err + } + + localPublicKey := elliptic.Marshal(curve, x, y) + + // Combine application keys with dh + sharedX, sharedY := elliptic.Unmarshal(curve, dh) + if sharedX == nil { + return nil, errors.New("Unmarshal Error: Public key is not a valid point on the curve") + } + + sx, _ := curve.ScalarMult(sharedX, sharedY, localPrivateKey) + sharedECDHSecret := sx.Bytes() + + hash := sha256.New + + // ikm + prkInfoBuf := bytes.NewBuffer([]byte("WebPush: info\x00")) + prkInfoBuf.Write(dh) + prkInfoBuf.Write(localPublicKey) + + prkHKDF := hkdf.New(hash, sharedECDHSecret, authSecret, prkInfoBuf.Bytes()) + ikm, err := getHKDFKey(prkHKDF, 32) + if err != nil { + return nil, err + } + + // Derive Content Encryption Key + contentEncryptionKeyInfo := []byte("Content-Encoding: aes128gcm\x00") + contentHKDF := hkdf.New(hash, ikm, salt, contentEncryptionKeyInfo) + contentEncryptionKey, err := getHKDFKey(contentHKDF, 16) + if err != nil { + return nil, err + } + + // Derive the Nonce + nonceInfo := []byte("Content-Encoding: nonce\x00") + nonceHKDF := hkdf.New(hash, ikm, salt, nonceInfo) + nonce, err := getHKDFKey(nonceHKDF, 12) + if err != nil { + return nil, err + } + + // Cipher + c, err := aes.NewCipher(contentEncryptionKey) + if err != nil { + return nil, err + } + + gcm, err := cipher.NewGCM(c) + if err != nil { + return nil, err + } + + // Get the record size + recordSize := options.RecordSize + if recordSize == 0 { + recordSize = MaxRecordSize + } + + recordLength := int(recordSize) - 16 + + // Encryption Content-Coding Header + recordBuf := bytes.NewBuffer(salt) + + rs := make([]byte, 4) + binary.BigEndian.PutUint32(rs, recordSize) + + recordBuf.Write(rs) + recordBuf.Write([]byte{byte(len(localPublicKey))}) + recordBuf.Write(localPublicKey) + + // Data + dataBuf := bytes.NewBuffer(message) + + // Pad content to max record size - 16 - header + // Padding ending delimeter + dataBuf.Write([]byte("\x02")) + pad(dataBuf, recordLength-recordBuf.Len()) + + // Compose the ciphertext + ciphertext := gcm.Seal([]byte{}, nonce, dataBuf.Bytes(), nil) + recordBuf.Write(ciphertext) + + // POST request + req, err := http.NewRequest("POST", s.Endpoint, recordBuf) + if err != nil { + return nil, err + } + + req.Header.Set("Content-Encoding", "aes128gcm") + req.Header.Set("Content-Length", strconv.Itoa(len(ciphertext))) + req.Header.Set("Content-Type", "application/octet-stream") + req.Header.Set("TTL", strconv.Itoa(options.TTL)) + + // Сheck the optional headers + if len(options.Topic) > 0 { + req.Header.Set("Topic", options.Topic) + } + + if isValidUrgency(options.Urgency) { + req.Header.Set("Urgency", string(options.Urgency)) + } + + // Get VAPID Authorization header + vapidAuthHeader, err := getVAPIDAuthorizationHeader( + s.Endpoint, + options.Subscriber, + options.VAPIDPublicKey, + options.VAPIDPrivateKey, + ) + if err != nil { + return nil, err + } + + req.Header.Set("Authorization", vapidAuthHeader) + + // Send the request + var client HTTPClient + if options.HTTPClient != nil { + client = options.HTTPClient + } else { + client = &http.Client{} + } + + return client.Do(req) +} + +// decodeSubscriptionKey decodes a base64 subscription key. +// if necessary, add "=" padding to the key for URL decode +func decodeSubscriptionKey(key string) ([]byte, error) { + // "=" padding + buf := bytes.NewBufferString(key) + if rem := len(key) % 4; rem != 0 { + buf.WriteString(strings.Repeat("=", 4-rem)) + } + + bytes, err := base64.StdEncoding.DecodeString(buf.String()) + if err == nil { + return bytes, nil + } + return base64.URLEncoding.DecodeString(buf.String()) +} + +// Returns a key of length "length" given an hkdf function +func getHKDFKey(hkdf io.Reader, length int) ([]byte, error) { + key := make([]byte, length) + n, err := io.ReadFull(hkdf, key) + if n != len(key) || err != nil { + return key, err + } + + return key, nil +} + +func pad(payload *bytes.Buffer, maxPadLen int) { + payloadLen := payload.Len() + padLen := maxPadLen - payloadLen + + padding := make([]byte, padLen) + payload.Write(padding) +} diff --git a/vendor/golang.org/x/crypto/hkdf/hkdf.go b/vendor/golang.org/x/crypto/hkdf/hkdf.go new file mode 100644 index 0000000000000..dda3f143bec50 --- /dev/null +++ b/vendor/golang.org/x/crypto/hkdf/hkdf.go @@ -0,0 +1,93 @@ +// Copyright 2014 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package hkdf implements the HMAC-based Extract-and-Expand Key Derivation +// Function (HKDF) as defined in RFC 5869. +// +// HKDF is a cryptographic key derivation function (KDF) with the goal of +// expanding limited input keying material into one or more cryptographically +// strong secret keys. +package hkdf // import "golang.org/x/crypto/hkdf" + +import ( + "crypto/hmac" + "errors" + "hash" + "io" +) + +// Extract generates a pseudorandom key for use with Expand from an input secret +// and an optional independent salt. +// +// Only use this function if you need to reuse the extracted key with multiple +// Expand invocations and different context values. Most common scenarios, +// including the generation of multiple keys, should use New instead. +func Extract(hash func() hash.Hash, secret, salt []byte) []byte { + if salt == nil { + salt = make([]byte, hash().Size()) + } + extractor := hmac.New(hash, salt) + extractor.Write(secret) + return extractor.Sum(nil) +} + +type hkdf struct { + expander hash.Hash + size int + + info []byte + counter byte + + prev []byte + buf []byte +} + +func (f *hkdf) Read(p []byte) (int, error) { + // Check whether enough data can be generated + need := len(p) + remains := len(f.buf) + int(255-f.counter+1)*f.size + if remains < need { + return 0, errors.New("hkdf: entropy limit reached") + } + // Read any leftover from the buffer + n := copy(p, f.buf) + p = p[n:] + + // Fill the rest of the buffer + for len(p) > 0 { + f.expander.Reset() + f.expander.Write(f.prev) + f.expander.Write(f.info) + f.expander.Write([]byte{f.counter}) + f.prev = f.expander.Sum(f.prev[:0]) + f.counter++ + + // Copy the new batch into p + f.buf = f.prev + n = copy(p, f.buf) + p = p[n:] + } + // Save leftovers for next run + f.buf = f.buf[n:] + + return need, nil +} + +// Expand returns a Reader, from which keys can be read, using the given +// pseudorandom key and optional context info, skipping the extraction step. +// +// The pseudorandomKey should have been generated by Extract, or be a uniformly +// random or pseudorandom cryptographically strong key. See RFC 5869, Section +// 3.3. Most common scenarios will want to use New instead. +func Expand(hash func() hash.Hash, pseudorandomKey, info []byte) io.Reader { + expander := hmac.New(hash, pseudorandomKey) + return &hkdf{expander, expander.Size(), info, 1, nil, nil} +} + +// New returns a Reader, from which keys can be read, using the given hash, +// secret, salt and context info. Salt and info can be nil. +func New(hash func() hash.Hash, secret, salt, info []byte) io.Reader { + prk := Extract(hash, secret, salt) + return Expand(hash, prk, info) +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 8a7c6706e9ee6..91950d8da0073 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -62,6 +62,9 @@ github.com/PuerkitoBio/urlesc # github.com/RoaringBitmap/roaring v0.4.21 ## explicit github.com/RoaringBitmap/roaring +# github.com/SherClockHolmes/webpush-go v1.1.0 +## explicit +github.com/SherClockHolmes/webpush-go # github.com/andybalholm/cascadia v1.0.0 github.com/andybalholm/cascadia # github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 @@ -679,6 +682,7 @@ golang.org/x/crypto/chacha20 golang.org/x/crypto/curve25519 golang.org/x/crypto/ed25519 golang.org/x/crypto/ed25519/internal/edwards25519 +golang.org/x/crypto/hkdf golang.org/x/crypto/internal/subtle golang.org/x/crypto/md4 golang.org/x/crypto/openpgp diff --git a/web_src/js/features/pushnotifications.js b/web_src/js/features/pushnotifications.js new file mode 100644 index 0000000000000..a79233153bd9b --- /dev/null +++ b/web_src/js/features/pushnotifications.js @@ -0,0 +1,65 @@ +export default async function initPushNotificationsOptIn() { + if (!window.location.pathname.startsWith('/notifications')) return; + if (!('serviceWorker' in navigator && 'PushManager' in window && window.config.ServiceWorkerEnabled)) { + return; + } + + const button = $('Enable Push Notifications'); + button.on('click', subscribe); + $('#pushNotificationOptIn').prepend(button); +} + +async function subscribe() { + const canNotify = await hasNotificationPermission(); + if (!canNotify) return false; + + /** @type {ServiceWorkerRegistration} */ + const registration = window.serviceWorkerRegistration; + const subscriptionResults = await registration.pushManager.subscribe({ + userVisibleOnly: true, + applicationServerKey: window.config.WebPushPublicKey + }); + await createGiteaServerSubscription(subscriptionResults.toJSON()); +} + +async function createGiteaServerSubscription(subscriptionJSON) { + try { + const request = await fetch(`${window.config.AppSubUrl}/api/v1/notifications/subscription`, { + credentials: 'include', + method: 'POST', + headers: { + 'Content-Type': 'application/json; charset=utf-8', + }, + body: JSON.stringify({ + endpoint: subscriptionJSON.endpoint, + auth: subscriptionJSON.keys.auth, + p256dh: subscriptionJSON.keys.p256dh + }) + }); + if (request.status === 201) return true; + } catch (error) { + console.error(error); + } + return false; +} + +async function hasNotificationPermission() { + const requestResult = await requestNotificationPermission(); + if (requestResult === 'granted') { + return true; + } + return false; +} + +function requestNotificationPermission() { + return new Promise((resolve, reject) => { + // This used to be callback-based instead of a Promise. We account for that here: + const permissionResult = Notification.requestPermission((result) => { + return resolve(result); + }); + + if (permissionResult) { + permissionResult.then(resolve, reject); + } + }); +} diff --git a/web_src/js/index.js b/web_src/js/index.js index 63a5134bbd5bf..cdde3ed5ca04c 100644 --- a/web_src/js/index.js +++ b/web_src/js/index.js @@ -15,6 +15,7 @@ import initGitGraph from './features/gitgraph.js'; import initClipboard from './features/clipboard.js'; import initUserHeatmap from './features/userheatmap.js'; import initDateTimePicker from './features/datetimepicker.js'; +import initPushNotificationsOptIn from './features/pushnotifications.js'; import createDropzone from './features/dropzone.js'; import highlight from './features/highlight.js'; import ActivityTopAuthors from './components/ActivityTopAuthors.vue'; @@ -2595,6 +2596,7 @@ $(document).ready(async () => { initRepoStatusChecker(); initTemplateSearch(); initContextPopups(); + initPushNotificationsOptIn(); // Repo clone url. if ($('#repo-clone-url').length > 0) {